When a user logs in to iSpring Learn for the first time with one of the single sign-on technologies, their account is created in the LMS. The only field that is always passed to iSpring Learn when authorizing via SSO is the Login field.

If you already have an SSO service (for example, ADFS or Okta) that can pass user profile fields to iSpring Learn, you may want the user profile in the LMS to be filled out automatically. However, fields in iSpring Learn and in an SSO service may be named differently. For instance, the Job Title field in the LMS might correspond to the job_title field in SSO.

To get all the fields in the user profile filled out correctly, match fields in iSpring Learn and in the SSO service.

  1. Take care of this when initially setting up the SSO technology you picked, or make changes later on the SSO integration settings page.

    Read through detailed instructions on how to enable SAML, JWT and OpenID in your iSpring Learn account.

  2. In the Matching fields of iSpring Learn with the external SSO attributes section, connect fields in iSpring Learn and in the SSO service.
    When setting up this section, take into account the required fields in the iSpring Learn LMS user profile.

    In ADFS, in the Outgoing Claim Type column, some field values should be entered manually, for example sub.

  3. Added fields will be synchronized when a user logs in to the LMS. That is to say, the value of the Title field in SSO will be passed to the Job Title field in iSpring Learn. 

    Synchronized data overwrites values previously entered in the profile field manually.
    For example, suppose you have entered 'secondary' in the Education field in the LMS. After a user authorizes, the value will be replaced by the value passed by the SSO service, say, 'higher'.

    If the data wasn't passed or the field name was mistyped, the information in iSpring Learn won't be updated, and no error message will appear.
    After authorizing a new user who was not previously in the iSpring Learn LMS, the user will not be created, and access to the user's account will not be provided.

    In the Active Directory user profile, the Email field value should be unique or empty.
    The Email field can be empty, provided that it is not a required field in the iSpring Learn LMS user profile.

    A 401 Unauthorized error may be displayed in iSpring Learn after authorizing a user.
    The reason for the error is that the user's personal account was deactivated in the LMS.
    The administrator needs to activate the user.
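
Because a missing or mistyped attribute is skipped without any error message (step 3), it helps to compare the attributes your SSO service actually sends with the names entered in the matching section before rollout. The following is an added example, not iSpring code: the mapping, the required-field set, the sample attributes and the case-insensitive email comparison are assumptions made for illustration.

```python
from collections import Counter
from difflib import get_close_matches

# Constructed mapping: LMS profile field -> SSO attribute name typed into the
# matching section. REQUIRED is an assumption about this LMS profile setup.
FIELD_MAP = {"Login": "sub", "Job Title": "job_title",
             "Email": "email", "Education": "education"}
REQUIRED = {"Login"}


def check_claims(claims, field_map=FIELD_MAP, required=REQUIRED):
    """Return (synced, findings) for one user's SSO attributes.

    synced   - LMS fields that would receive a value at login
    findings - (lms_field, problem) pairs for mappings that would be skipped
    """
    synced, findings = {}, []
    for lms_field, attr in field_map.items():
        value = claims.get(attr)
        if value not in (None, ""):
            synced[lms_field] = value
            continue
        # Unused attributes with a similar name suggest a typo in the mapping.
        unused = [k for k in claims if k not in field_map.values()]
        near = get_close_matches(attr, unused, n=1, cutoff=0.8)
        problem = f"possible typo, IdP sends '{near[0]}'" if near else "not sent"
        if lms_field in required:
            problem += " (required field)"
        findings.append((lms_field, problem))
    return synced, findings


def duplicate_emails(users):
    """Return non-empty emails shared by several directory users.

    Comparison ignores case and surrounding spaces (an assumption).
    """
    counts = Counter(u["email"].strip().lower() for u in users if u.get("email"))
    return sorted(e for e, n in counts.items() if n > 1)


# Constructed sample data: the IdP emits 'jobtitle', the mapping says 'job_title'.
SAMPLE_CLAIMS = {"sub": "a.ivanova", "jobtitle": "Analyst", "email": "a@example.com"}
SAMPLE_USERS = [{"email": "a@example.com"}, {"email": "A@example.com "}, {"email": ""}]

if __name__ == "__main__":
    synced, findings = check_claims(SAMPLE_CLAIMS)
    print("would sync:", synced)
    for field, problem in findings:
        print(f"skipped silently: {field}: {problem}")
    print("duplicate emails:", duplicate_emails(SAMPLE_USERS))
```

Feed `check_claims` the attributes from a real test login (for example, a decoded JWT payload or the SAML attribute statement) in place of the constructed sample.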